panic: fifo_badop called


syzbot

Nov 25, 2018, 2:12:03 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13cdec25400000
dashboard link: https://syzkaller.appspot.com/bug?extid=8e9ce01db2b8b8e02e83
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8e9ce0...@syzkaller.appspotmail.com

panic: fifo_badop called
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*291601 43109 0 0x2 0 0 syz-executor0
db_enter() at db_enter+0xa
panic() at panic+0x147
fifo_badop(ffffffff8169c4b2) at fifo_badop+0x12
VOP_STRATEGY(ffffff007ec31400) at VOP_STRATEGY+0x6b
bwrite(ffff800021142080) at bwrite+0x195
VOP_BWRITE(ffffff0069549970) at VOP_BWRITE+0x47
ufs_mkdir(ffffffff81dfb6d8) at ufs_mkdir+0x5a9
VOP_MKDIR(ffff8000ffffc4b8,1ed,ffffff9c,ffff800021142038) at VOP_MKDIR+0x65
domkdirat(ffff800021142270,ffff8000ffffc4b8,ffff8000210a5fd8,880) at domkdirat+0x10f
syscall(0) at syscall+0x3e4
Xsyscall(6,88,7f7fffff5410,88,0,7f7fffff5450) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff5480, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Dec 2, 2018, 5:34:03 PM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 87d30890b5c0 mention REGRESS_SKIP_TARGETS; ok bluhm@
console output: https://syzkaller.appspot.com/x/log.txt?x=12952a93400000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=128821a3400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=139f812b400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8e9ce0...@syzkaller.appspotmail.com

login: panic: fifo_badop called
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*362907 73202 0 0 0 0 syz-executor9992
db_enter() at db_enter+0xa
panic() at panic+0x147
fifo_badop(ffffffff813c6772) at fifo_badop+0x12
VOP_STRATEGY(ffffff006d091600) at VOP_STRATEGY+0x6b
bwrite(ffff8000211029c0) at bwrite+0x195
VOP_BWRITE(ffffff0076d5aa28) at VOP_BWRITE+0x47
ufs_mkdir(ffffffff81e0f848) at ufs_mkdir+0x5a9
VOP_MKDIR(ffff8000210c2718,1ed,ffffff9c,ffff800021102978) at VOP_MKDIR+0x65
domkdirat(ffff800021102bb0,ffff8000210c2718,ffff8000210a5cb0,880) at domkdirat+0x10f
syscall(0) at syscall+0x3e4
Xsyscall(6,88,9bdb,88,7f7ffffe42f0,7f7ffffe4314) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe4340, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> show panic
fifo_badop called
ddb> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
fifo_badop(ffffffff813c6772) at fifo_badop+0x12
VOP_STRATEGY(ffffff006d091600) at VOP_STRATEGY+0x6b
bwrite(ffff8000211029c0) at bwrite+0x195
VOP_BWRITE(ffffff0076d5aa28) at VOP_BWRITE+0x47
ufs_mkdir(ffffffff81e0f848) at ufs_mkdir+0x5a9
VOP_MKDIR(ffff8000210c2718,1ed,ffffff9c,ffff800021102978) at VOP_MKDIR+0x65
domkdirat(ffff800021102bb0,ffff8000210c2718,ffff8000210a5cb0,880) at domkdirat+0x10f
syscall(0) at syscall+0x3e4
Xsyscall(6,88,9bdb,88,7f7ffffe42f0,7f7ffffe4314) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe4340, count: -11
ddb> show registers
rdi 0xffffffff81dfc450 kprintf_mutex
rsi 0x5
rbp 0xffff800021102600
rbx 0xffff8000211026a0
rdx 0x3fd
rcx 0
rax 0
r8 0xffff8000211025d0
r9 0
r10 0x43338 acpi_pdirpa+0x2f1a0
r11 0xffffffff818f3fa0 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff800021102610
r14 0x100
r15 0xffffffff81c29eab apollo_udma66_tim+0x401c
rip 0xffffffff8111f55a db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff800021102600
ss 0x10
db_enter+0xa: popq %rbp
ddb> show proc
PROC (syz-executor9992) pid=362907 stat=onproc
flags process=0 proc=0
pri=17, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000210c2970,0xffff8000210c2278
process=0xffff8000210a5cb0 user=0xffff8000210fd000,
vmspace=0xffffff007f12b108
estcpu=36, cpticks=0, pctcpu=0.1
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69225 69241 28202 0 2 0 syz-executor9992
*73202 362907 28202 0 7 0 syz-executor9992
28202 6745 2615 0 3 0x82 nanosleep syz-executor9992
2615 272803 68111 0 3 0x10008a pause ksh
68111 21306 96065 0 3 0x92 select sshd
31421 15885 1 0 3 0x100083 ttyin getty
96065 65977 1 0 3 0x80 select sshd
90786 57108 20598 73 3 0x100090 kqread syslogd
20598 346773 1 0 3 0x100082 netio syslogd
74436 89412 1 77 3 0x100090 poll dhclient
41809 184409 1 0 3 0x80 poll dhclient
50996 70711 0 0 3 0x14200 pgzero zerothread
99581 371892 0 0 3 0x14200 aiodoned aiodoned
11819 284531 0 0 3 0x14200 syncer update
11928 502700 0 0 3 0x14200 cleaner cleaner
98707 15718 0 0 3 0x14200 reaper reaper
17212 212948 0 0 3 0x14200 pgdaemon pagedaemon
12424 172760 0 0 3 0x14200 bored crynlk
81398 423034 0 0 3 0x14200 bored crypto
67101 432217 0 0 3 0x40014200 acpi0 acpi0
96481 438374 0 0 3 0x14200 bored softnet
72922 179980 0 0 3 0x14200 bored systqmp
12280 258220 0 0 3 0x14200 bored systq
21333 275307 0 0 3 0x40014200 bored softclock
98329 96242 0 0 3 0x40014200 idle0
1 106944 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper

Greg Steuck

Dec 2, 2018, 5:38:30 PM
to syzbot+8e9ce0...@syzkaller.appspotmail.com, syzkaller-o...@googlegroups.com
Syzkaller was using my repository, which still doesn't have https://github.com/google/syzkaller/commit/88746fdf89106818da2ef7c64f1cfdc8488f6f2b

I'll switch to the official repo.

--
nest.cx is Gmail hosted, use PGP for anything private. Key: http://goo.gl/6dMsr
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0